Worst Ever Security Flaw Found In Diebold TS Voting Machine

The Open Voting Foundation ^ | JULY 31, 2006 | OPEN VOTING FOUNDATION

[rit]

OPEN VOTING FOUNDATION 9560 Windrose Lane Granite Bay, CA 95746 Phone (916) 295-0415 alan@openvoting.org

PRESS RELEASE -- JULY 31, 2006

FOR IMMEDIATE RELEASE

Subject: WORST EVER SECURITY FLAW FOUND IN DIEBOLD TS VOTING MACHINE Contact: Alan Dechert Reference: PICTURES (Click on thumbnail. Click again on lower half of picture for high resolution)

SACRAMENTO, CALIFORNIA -- “This may be the worst security flaw we have seen in touch screen voting machines,” says Open Voting Foundation president, Alan Dechert. Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the United States, it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version.

“Diebold has made the testing and certification process practically irrelevant,” according to Dechert. “If you have access to these machines and you want to rig an election, anything is possible with the Diebold TS -- and it could be done without leaving a trace. All you need is a screwdriver.” This model does not produce a voter verified paper trail so there is no way to check if the voter’s choices are accurately reflected in the tabulation.

Open Voting Foundation is releasing 22 high-resolution close up pictures of the system. This picture, in particular, shows a “BOOT AREA CONFIGURATION” chart painted on the system board.

The most serious issue is the ability to choose between "EPROM" and "FLASH" boot configurations. Both of these memory sources are present. All of the switches in question (JP2, JP3, JP8, SW2 and SW4) are physically present on the board. It is clear that this system can ship with live boot profiles in two locations, and switching back and forth could change literally everything regarding how the machine works and counts votes. This could be done before or after the so-called "Logic And Accuracy Tests".

A third possible profile could be field-added in minutes and selected in the "external flash" memory location, the interface for which is present on the motherboard.

This is not a minor variation from the previously documented attack point on the newer Diebold TSx. To its credit, the TSx can only contain one boot profile at a time. Diebold has ensured that it is extremely difficult to confirm what code is in a TSx (or TS) at any one time but it is at least theoretically possible to do so. But in the TS, a completely legal and certified set of files can be instantly overridden and illegal uncertified code be made dominant in the system, and then this situation can be reversed leaving the legal code dominant again in a matter of minutes.

“These findings underscore the need for open testing and certification. There is no way such a security vulnerability should be allowed. These systems should be recalled”

OPEN VOTING FOUNDATION is a nonprofit non stock California corporation dedicated to demonstrating the need for and benefits of voting technology that can be publicly scrutinized.

[Fighting Irish]

Here we go again.....

[beckysueb]

All your diebold are belong to us?

[Paradox]

Oh no! We've been busted!

[Bob J]

So what? Voting machines manufactured for the DNC is all.

[ShadowAce]

[Monkey King]

Look, if they're going to announce this sort of thing, they need to announce it correctly -

Ahem:

WORST. SECURITY FLAW. EVER.

</comic book guy>

Thank you.

[Tijeras_Slim]

“If you have access to these machines and you want to rig an election, anything is possible with the Diebold Tijeras_Slim Model -- and it could be done without leaving a trace.

[L98Fiero]

"The most serious issue is the ability to choose between "EPROM" and "FLASH" boot configurations. Both of these memory sources are present. All of the switches in question (JP2, JP3, JP8, SW2 and SW4) are physically present on the board. It is clear that this system can ship with live boot profiles in two locations, and switching back and forth could change literally everything regarding how the machine works and counts votes. This could be done before or after the so-called "Logic And Accuracy Tests"."

Yeah, breaking in there doing that without screwing something else up is so much easier than stuffing a paper ballot box.

[God luvs America]

let's concentrate on the potential of voting machine flaws in a worst case scenario yet turn a blind eye to people who vote yet aren't registered to do as much or steal identities of other voters...

[slightlyovertaxed]

Eh, why not just print a receipt with your name/some code and what you voted for? Just like at the ATM...most people will throw them out or shred them, while a few tinfoil hatters have proof?

[EagleUSA]

Sorry California Libs -- BUSTED!! Better go back to dangling chads...

[MikeA]

Conclusion? John Kerry must be sworn in at once as president of course.

Let's all remember it's the same Democrats and their MSM lapdogs doing all the hand wringing over automated voting who pushed this on the American public after Florida 2000. This was all part of the hysterical over-reaction to people too stupid to punch a hole. Now they got what they wanted and still they bitch. Just because there's a security flaw doesn't mean anyone had any ability to exploit it. If it's taken this long to figure out there was a security flaw, I doubt anyone had enough access to these machines to figure out how to exploit it.

This is a huge non-story.

[Darkwolf377]

"Cut the blue wire, and all the votes become Republican!"

"OK, I'm going in. Here we go--blue wire, right?"

"Uhhh...maybe the white wire.... No, no, definitely the blue wire. No, RED wire!"

[AnnaZ]

There need to be two paper copies per voter, one that stays with the precinct, and one that the voter can take home.

[MikeA]

Exactly. As if anyone knew how to exploit this supposed security flaw and just walked into voting stations and started tampering with machines unnoticed. Yet Dims stand in the way of any sort of I.D. procedure to prevent multiple or fraudulent voting. Please.

[dead]

Diebold shmiebold. Real voting reform:

• Valid picture ID, confirming citizenship and eligibility to vote at that location.
• Dip your finger in ink before voting.
• Long prison term for individual voter fraud.
• Death penalty for systemic fraud.

[traditional1]

The Democrats have begun their anti-Diebold rant already? They didn't mention the dead voters can't push the touch screens? They don't like to use fingers on the touch screen, lest the fingerprints match on the screens at ten different polling places? They want to continue to use provisional and absentee ballots from Daffy Duck, Mary Poppins, Dick Tracy, etc., like the ones submitted in Ohio in 2000?

I can see that they are REALLY intent on eliminating fraud, alright.

Also, the ballots on the Diebold machines MUST appear in English, Spanish, and Ebonics or they will sue........

[FroedrickVonFreepenstein]

Eh, why not just print a receipt with your name/some code and what you voted for? Just like at the ATM...most people will throw them out or shred them, while a few tinfoil hatters have proof?

Can't you just imagine the local DemonRAT nut jobs showing up with bushell baskets of "receipts" that prove their guy really won?

[KarlInOhio]

The voting machines my precincts have had the past couple of elections print a "page" (about 4 inches) of your votes. You then have to click yes to verify them. That repeats until every vote you've made is shown. The paper then rolls further into the machine to be used to verify the count if needed. There is no way my vote for Blackwell could be changed into a vote for Strickland in both the computer and on the printout.

As for the electronics, those boxes had better require access to the board to update the software (not just attaching a cable and pressing a couple of buttons) and the case should have a physical serialized seal on it which cannot be opened and closed again without a new seal put on it.